Details

An update for qemu-kvm-rhev is now available for Red Hat Enterprise Virtualization.

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM in environments managed by Red Hat Enterprise Virtualization Manager.

An out-of-bounds read/write access flaw was found in the way QEMU’s VGA emulation with VESA BIOS Extensions (VBE) support performed read/write operations via I/O port methods. A privileged guest user could use this flaw to execute arbitrary code on the host with the privileges of the host’s QEMU process. (CVE-2016-3710)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

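One way to confirm on a host that the restart step above is complete, as an added example that is not part of the Red Hat advisory: a guest started before the update keeps executing the old, vulnerable binary, which Linux reports as a `(deleted)` target of `/proc/<pid>/exe`. The function names, the optional proc-root argument and the assumption that the emulator binary is named `qemu-kvm` are illustrative.

```shell
#!/bin/sh
# Added example: find QEMU processes that still run a binary which has been
# replaced on disk by the package update. Run as root on the hypervisor so
# that /proc/<pid>/exe of every process is readable.
# Assumption: the emulator binary is named qemu-kvm.

# Print the PID of every process whose executable is a deleted qemu-kvm.
# $1 (optional) is the proc root; it defaults to /proc and exists so the
# check can be pointed at a constructed directory tree.
stale_qemu_pids() {
    proc_root="${1:-/proc}"
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir" ] || continue
        # Kernel threads and vanished processes have no readable exe link.
        target=$(readlink "$dir/exe" 2>/dev/null) || continue
        case "$target" in
            */qemu-kvm*" (deleted)") echo "${dir##*/}" ;;
        esac
    done
}

# Return 0 when no guest runs a replaced binary, 1 when a restart is pending.
check_restart_needed() {
    pids=$(stale_qemu_pids "$1")
    if [ -n "$pids" ]; then
        echo "restart pending, QEMU PIDs on the old binary:" $pids >&2
        return 1
    fi
    echo "no QEMU process is running a replaced binary"
    return 0
}
```

Calling `check_restart_needed` with no argument inspects the live `/proc`; a non-zero exit status means at least one virtual machine has not yet been shut down and started again.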
Updated packages
Red Hat Enterprise Virtualization 3

SRPMS:
qemu-kvm-rhev-0.12.1.2-2.491.el6_8.2.src.rpm
    MD5: 2112b36590be603572983d21825bde51
    SHA-256: 870ac77842846533aa8c1bbc9ff11bd8278a58f4f1a1b1b70de328ac415ca6cb
 
x86_64:
qemu-img-rhev-0.12.1.2-2.491.el6_8.2.x86_64.rpm
    MD5: 1b0140e1110d2b7fb0c473406d80d100
    SHA-256: ecd50eab27fe0eac8919ee12ba68ab2199ea92ddda718bb6b91dc13c9395e1bc
qemu-kvm-rhev-0.12.1.2-2.491.el6_8.2.x86_64.rpm
    MD5: 9a0bd288a37ea76f8d5d18dd13bfd93f
    SHA-256: e80f3108dcfbc373b5be8ad08245b356ef5f57991e448a162777468359f20d9a
qemu-kvm-rhev-debuginfo-0.12.1.2-2.491.el6_8.2.x86_64.rpm
    MD5: 0097d14a656e23a1dee11648e4528dfc
    SHA-256: b1773eca0ee96c916740a2f56ade2df9ba8f7e05e8468eb17bcd28f39225ac95
qemu-kvm-rhev-tools-0.12.1.2-2.491.el6_8.2.x86_64.rpm
    MD5: 43b924be8b8f81d54667e9c6872ef415
    SHA-256: e62284b1fbfd1f21e2454fb335f24de0c3e81e676037b740572f97017f883c40
 
(The unlinked packages above are only available from the Red Hat Network)

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from: https://www.redhat.com/security/team/key/#package
The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/
